The question here is whether you are trying to restrict access by hostname or by referer.

Restricting by hostname is equivalent to restricting by IP address -- only a client at the named host or IP address can access your server.

However, if you are "clicking on a link" then that implies that you may wish to restrict based upon what site is hosting the link, and that is a referrer-based restriction.

mod_access does not directly support referrer-based access control, but it can be accomplished using mod_sentenvif and the supported "Allow from env=<server_variable" constrruct. Here's a simple example:

SetEnvIf Referer www.ok_site.com OK_allow
...
Allow from env=OK_allow

See mod_setenvif [httpd.apache.org]

Jim

Hi Jim,

I first tried it based on ip-address but this is indeed a wrong aproach because it is based on the end-user system.
So indeed, I have to work with the referer.
I will try the setenvif.

Thx,

Paul

Hello,

I have tried the following htaccess file. It only works partly.
When I use this with a link from the referer site to the "closed" site, it is only showing me the index.html. So far so good.
But I would like internal users continu working on this "closed" site. So other links, graphics, etc. should be shown. But these files and links are forbidden. So I tried to include the <files> statement but that doesn't help. Next thing I tried was adding <directory> but this code didn't worked at all. It stoped the whole htaccess of working.

Any suggestions are welcome,

Regards, Paul

SetEnvIf Referer www\.sitename\.com/test.html internal

<Limit GET POST PUT DELETE>
Order Deny,Allow
Deny from all
Allow from env=internal
</Limit>

<Files *>
Order Deny,Allow
Deny from all
Allow from env=internal
</Files>

<Directory *>
Order Deny,Allow
Deny from all
Allow from env=internal
</Directory>

Probems at many levels:

Only one Order statment is allowed in each .htaccess file.

The Order [httpd.apache.org] you specified was incorrect for this application.

<Limit> will only work for the specified methods, use <Files> unless you really need to treat different HTTP methods differently.

<Directory> cannot be used in .htaccess. It is available only in server config and virtual host contexts, as documented.

It's possible that *anyone* may request a file with a blank referrer, including your 'internal' people. If you feel you need to block blank referrers, then you will need a more sophisticated cookies-and-script-based access control approach, because there is no guarantee that anyone will send a referrer header, or that an intervening network cache won't remove it. And remember that search engines and most media players don't send referrers, either.

I'd suggest:

SetEnvIf Referer sitename\.com internal
SetEnvIf Referer ^$ internal
#
<Files *>
Order Deny,Allow
Deny from all
Allow from env=internal
</Files>

Jim